uprobes misses breakpoint insertion into VM_WRITE mappings

From: Mathieu Desnoyers
Date: Thu Mar 15 2018 - 16:48:10 EST

Next message: James Morse: "Re: [PATCH v9 5/7] arm64: kvm: Introduce KVM_ARM_SET_SERROR_ESR ioctl"
Previous message: Joel Fernandes: "[PATCH v2 1/2] tracing: Improve design of preemptirq tracepoints and its users"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

Erica has been working on extending test-cases for uprobes, and found
something unexpected:

Since commit e40cfce626a5 "uprobes: Restrict valid_vma(false) to skip VM_SHARED vmas"
uprobes does not insert breakpoints into mappings mprotect'd as writeable.

This issue can be reproduced by compiling a library without PIC (not using GOT),
and then concurrently:

A) Load the library (dynamic loader mprotect the code as writeable to do
the relocations, and then mprotect as executable),

B) Enable a uprobe through perf.

(it is a race window between the two mprotect syscalls)

It appears that the following restriction in valid_vma() is responsible
for this behavior:

if (is_register)
flags |= VM_WRITE;

I don't figure a clear explanation for this flag based on the function
comment nor the commit changelog. Any idea on whether this is really
needed ?

Note that on uprobes unregister, it allows removing a breakpoint event
on a writeable mapping, so there is clearly a discrepancy between the
level of paranoia associated with registration and unregistration.

Thanks,

Mathieu

--
Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com

Next message: James Morse: "Re: [PATCH v9 5/7] arm64: kvm: Introduce KVM_ARM_SET_SERROR_ESR ioctl"
Previous message: Joel Fernandes: "[PATCH v2 1/2] tracing: Improve design of preemptirq tracepoints and its users"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]